The Kerberos Key Distribution Center (KDC) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote authenticated domain users to obtain domain administrator privileges via a forged signature in a ticket, as exploited in the wild in November 2014, aka "Kerberos Checksum Vulnerability."
This module exploits a vulnerability in the Microsoft Kerberos implementation. The problem lies in the verification of the Privilege Attribute Certificate (PAC) carried in a Kerberos TGS request: the KDC accepts a PAC whose signatures use a non-keyed checksum, so any domain user can forge a PAC with arbitrary privileges, including Domain Administrator. This module requests a TGT containing a forged PAC and exports it to an MIT Kerberos credential cache (ccache) file, which can be loaded on Windows systems with the help of Mimikatz. It has been tested successfully against Windows Server 2008.
msf > use auxiliary/admin/kerberos/ms14_068_kerberos_checksum
msf auxiliary(ms14_068_kerberos_checksum) > show actions
    ...actions...
msf auxiliary(ms14_068_kerberos_checksum) > set ACTION <action-name>
msf auxiliary(ms14_068_kerberos_checksum) > show options
    ...show and set options...
msf auxiliary(ms14_068_kerberos_checksum) > run
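The module description above says the KDC accepted a PAC carrying a forged signature; the detail that makes that possible is that the signature's checksum type was chosen by the client and non-keyed types (CRC32, RSA-MD5) were honoured. The following is an added example, not code from the Metasploit module or from PyKEK, that models that verification decision and the check a fixed KDC applies. The PAC body, the RID layout, the "krbtgt key" and the function names are constructed for illustration; a real PAC is NDR-encoded KERB_VALIDATION_INFO with separate server and KDC signatures, and the AES signature types are left out of the model.

```python
"""Toy model of the MS14-068 root cause (added example, not Metasploit or PyKEK code).

The KDC let the client choose the checksum type for the PAC signatures and
accepted unkeyed types such as CRC32 and RSA-MD5, which anyone can compute,
instead of insisting on a keyed checksum under the KDC's key.  The PAC body
below is a constructed stand-in, not real NDR-encoded KERB_VALIDATION_INFO,
and the 'krbtgt key' is filler.
"""
import hashlib
import hmac
import struct
import zlib

# Checksum type identifiers from the RFC 3961 registry / MS-PAC
KERB_CHECKSUM_CRC32 = 1
KERB_CHECKSUM_RSA_MD5 = 7
KERB_CHECKSUM_HMAC_MD5 = 0xFFFFFF76      # -138 as an unsigned 32-bit value
KEYED_TYPES = {KERB_CHECKSUM_HMAC_MD5}    # simplified: AES types 15/16 omitted
KERB_NON_KERB_CKSUM_SALT = 17            # key usage used for PAC signatures

DOMAIN_USERS_RID = 513
DOMAIN_ADMINS_RID = 512


def build_pac_body(user_rid, group_rids):
    """Constructed stand-in for the PAC logon info: user RID, group count, group RIDs."""
    return struct.pack("<II", user_rid, len(group_rids)) + b"".join(
        struct.pack("<I", rid) for rid in group_rids)


def hmac_md5_checksum(key, data, usage=KERB_NON_KERB_CKSUM_SALT):
    """KERB_CHECKSUM_HMAC_MD5 as described in RFC 4757 section 4: requires the key."""
    ksign = hmac.new(key, b"signaturekey\x00", hashlib.md5).digest()
    tmp = hashlib.md5(struct.pack("<I", usage) + data).digest()
    return hmac.new(ksign, tmp, hashlib.md5).digest()


def unkeyed_checksum(sig_type, data):
    """Unkeyed types: no secret involved, so the client can produce a 'valid' value itself."""
    if sig_type == KERB_CHECKSUM_CRC32:
        return struct.pack("<I", zlib.crc32(data) & 0xFFFFFFFF)
    if sig_type == KERB_CHECKSUM_RSA_MD5:
        return hashlib.md5(data).digest()
    raise ValueError("unsupported checksum type %#x" % sig_type)


def compute_signature(pac_body, sig_type, key=None):
    """Signature value for a given type; the key is only consulted for keyed types."""
    if sig_type in KEYED_TYPES:
        if key is None:
            raise ValueError("keyed checksum type requires the key")
        return hmac_md5_checksum(key, pac_body)
    return unkeyed_checksum(sig_type, pac_body)


def kdc_verify_pre_patch(pac_body, sig_type, signature, krbtgt_key):
    """Pre-MS14-068 behaviour as modelled here: honour whatever type the client chose."""
    try:
        expected = compute_signature(pac_body, sig_type, krbtgt_key)
    except ValueError:
        return False
    return hmac.compare_digest(expected, signature)


def kdc_verify_patched(pac_body, sig_type, signature, krbtgt_key):
    """Fixed behaviour: refuse any type that is not keyed, then verify under the KDC key."""
    if sig_type not in KEYED_TYPES:
        return False
    return hmac.compare_digest(hmac_md5_checksum(krbtgt_key, pac_body), signature)


def demo():
    krbtgt_key = hashlib.md5(b"constructed filler, not a real krbtgt hash").digest()
    # Legitimate PAC for RID 1105, signed by the KDC with its own key.
    legit = build_pac_body(1105, [DOMAIN_USERS_RID])
    legit_sig = compute_signature(legit, KERB_CHECKSUM_HMAC_MD5, krbtgt_key)
    # Forged PAC: the same user now claims Domain Admins, "signed" with keyless
    # RSA-MD5 (the type PyKEK's exploit uses), computed without any key at all.
    forged = build_pac_body(1105, [DOMAIN_USERS_RID, DOMAIN_ADMINS_RID])
    forged_sig = compute_signature(forged, KERB_CHECKSUM_RSA_MD5)
    # Guessing at a keyed signature with the wrong key fails on either KDC.
    wrong_key_sig = hmac_md5_checksum(b"\x00" * 16, forged)
    return {
        "legit_pre_patch": kdc_verify_pre_patch(legit, KERB_CHECKSUM_HMAC_MD5, legit_sig, krbtgt_key),
        "forged_pre_patch": kdc_verify_pre_patch(forged, KERB_CHECKSUM_RSA_MD5, forged_sig, krbtgt_key),
        "legit_patched": kdc_verify_patched(legit, KERB_CHECKSUM_HMAC_MD5, legit_sig, krbtgt_key),
        "forged_patched": kdc_verify_patched(forged, KERB_CHECKSUM_RSA_MD5, forged_sig, krbtgt_key),
        "wrong_key_patched": kdc_verify_patched(forged, KERB_CHECKSUM_HMAC_MD5, wrong_key_sig, krbtgt_key),
    }


if __name__ == "__main__":
    for name, accepted in demo().items():
        print("%-18s %s" % (name, "ACCEPTED" if accepted else "rejected"))
```

The pre-patch verifier accepts the forged Domain Admins PAC because RSA-MD5 over the attacker's own bytes is trivially "correct"; the patched verifier never gets as far as comparing bytes for a non-keyed type. Note that the real exploit also depends on requesting the initial TGT without a PAC and supplying the forged one in the TGS request, which this model does not cover.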
as-rep-roast
Author: Jason Martinsen
Python code to execute an AS-REP Roasting attack. USE ONLY AGAINST AUTHORIZED TARGETS.
Usage: as-rep-roast.py -u <userName>@<domainName> -d <domainControllerAddr>
Hashcat-compatible output is printed to the screen and written to the hashcatout file.
This code is based on the code from the below project.
Python Kerberos Exploitation Kit
PyKEK (Python Kerberos Exploitation Kit) is a Python library to manipulate KRB5-related data (still in development).
For now, only a few functionalities have been implemented (in a quite quick'n'dirty way) to exploit MS14-068 (CVE-2014-6324). More is coming.
Author: Sylvain Monné
Contact: sylvain dot monne at solucom dot fr ht
License

            DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE
                    Version 3, August 2017

 Everyone is permitted to copy and distribute verbatim or modified
 copies of this license document, and changing it is allowed as long
 as the name is changed.

            DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE
   TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION

  You just DO WHAT THE FUCK YOU WANT TO.
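The as-rep-roast entry above says it emits hashcat-compatible output. As an added example (not the tool's own code, nor PyKEK's), here are the two checks a practitioner wants around that: whether an account is roastable at all (the UF_DONT_REQUIRE_PREAUTH bit in userAccountControl, since a user with pre-authentication enforced never returns an AS-REP to an unauthenticated request), and how the AS-REP enc-part for etype 23 (RC4-HMAC) is laid out as a hashcat mode 18200 line. The principal name, realm, userAccountControl value and cipher bytes are constructed filler, not a real capture.

```python
"""AS-REP roasting helpers (added example; the sample data is constructed filler).

For etype 23 (RC4-HMAC) the AS-REP enc-part cipher is laid out as
    HMAC-MD5 checksum (16 bytes) || RC4(confounder || plaintext)
and hashcat -m 18200 wants exactly those two pieces, hex-encoded.
"""
import binascii

UF_DONT_REQUIRE_PREAUTH = 0x400000   # userAccountControl bit that makes the account roastable
ETYPE_RC4_HMAC = 23                  # the etype hashcat mode 18200 expects
RC4_HMAC_CHECKSUM_LEN = 16           # leading HMAC-MD5 checksum in an RC4-HMAC EncryptedData

# Constructed filler: a service account with NORMAL_ACCOUNT | DONT_EXPIRE_PASSWD | DONT_REQ_PREAUTH
SAMPLE_UAC = 0x410200
SAMPLE_PRINCIPAL = ("svc_backup", "CORP.LOCAL")
SAMPLE_CIPHER = bytes(range(16)) + b"\xaa" * 40   # not a real enc-part, just the right shape


def is_asrep_roastable(user_account_control):
    """True when the account answers an AS-REQ without pre-authentication."""
    return bool(user_account_control & UF_DONT_REQUIRE_PREAUTH)


def to_hashcat_asrep(username, realm, etype, cipher):
    """Format an AS-REP enc-part as a hashcat -m 18200 line:
    $krb5asrep$23$user@REALM:<32 hex checksum>$<hex encrypted data>."""
    if etype != ETYPE_RC4_HMAC:
        raise ValueError("etype %d is not RC4-HMAC; request etype 23 explicitly" % etype)
    if len(cipher) <= RC4_HMAC_CHECKSUM_LEN:
        raise ValueError("enc-part too short to hold a checksum plus encrypted data")
    checksum = binascii.hexlify(cipher[:RC4_HMAC_CHECKSUM_LEN]).decode()
    edata = binascii.hexlify(cipher[RC4_HMAC_CHECKSUM_LEN:]).decode()
    return "$krb5asrep$%d$%s@%s:%s$%s" % (etype, username, realm, checksum, edata)


def demo():
    """Run both checks over the constructed sample and return the results."""
    user, realm = SAMPLE_PRINCIPAL
    roastable = is_asrep_roastable(SAMPLE_UAC)
    line = to_hashcat_asrep(user, realm, ETYPE_RC4_HMAC, SAMPLE_CIPHER) if roastable else None
    return {"roastable": roastable, "hashcat_line": line}


if __name__ == "__main__":
    result = demo()
    print("roastable:", result["roastable"])
    print(result["hashcat_line"])
```

If the KDC answers with an AES etype (17 or 18) because the account has no RC4 key or RC4 is disabled, the function refuses rather than silently emitting a line hashcat's RC4 mode cannot crack; that is the most common reason an AS-REP roast "succeeds" but yields nothing.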
The Duqu attackers, who are considered by researchers to be at the top of the food chain of APT groups and are responsible for attacking certificate authorities and perhaps spying on Iran’s nuclear program, have resurfaced with a new platform that was used to compromise high-profile victims, including some related to the Iran nuclear talks last fall.
The new spate of attacks was discovered by researchers at Kaspersky Lab after they uncovered evidence that some of the company’s own syst...